
IN THE CLAIMS:

Please amend the claims as set out below: 

1. (currently amended) A method for providing secure authentication, the method comprising:

a) sending basic authentication data from a first computer to a second computer, wherein the basic authentication data provides a certificate including a validity status date and a credential, the credential being for permitting a first type of access by the first computer to an application provided by the second computer during a certain communication session between the first and second computer, and the basic authentication data has been certified by an accepted certifying authority, and wherein the basic authentication data sent to the second computer includes a public key of the first computer;

b) storing a copy of the first computer's public key;

c) generating an additional individual authentication data unit by the first computer, wherein the additional individual authentication data unit provides a self certificate including a validity status date and a credential, the self certificate credential being for permitting a second type of access by the first computer to an application provided by the second computer, and wherein the generating includes signing the individual authentication data unit by the first computer using a key associated with the public key; and

d) sending the additional individual authentication data unit by the first computer to the second computer, so that the second computer can verify authenticity of the additional individual authentication data unit using the first computer's public key that was received from the first computer by the second computer with the basic authentication data, wherein the verifying includes verifying the additional individual authentication data unit by the second computer using the second computer's stored copy of the first computer's public key during the certain communication session and without the second computer obtaining another copy of the public key.

2. (currently amended) The method as claimed in claim 1, wherein the second type of access includes an access for an application in which a digital credit card is used for a purchase.

3. (previously presented) The method as claimed in claim 1, wherein the authenticity of said 
additional individual authentication data is established by signature of said accepted certifying 
authority. 

4. (currently amended) The method as claimed in claim 1, wherein the second type of access includes an access for an application in which an email message is securely transmitted.

5. (currently amended) The method as claimed in claim 1, wherein the authentication data includes an identity certificate, and the method includes:

generating a command from the first computer for the second computer to invalidate a previously presented identity certificate, wherein the previously presented identity certificate includes a validity status date and an identity credential;

generating by the first computer a new identity certificate having a validity status date and an identity credential; and

sending, from the first computer to the second computer, the new identity certificate to replace the invalidated identity certificate, wherein the command to invalidate and the new identity certificate are both received by the second computer during the certain communication session.



6. (currently amended) A system for providing secure authentication, the system comprising:

means for sending basic authentication data from a first computer to a second computer, wherein the basic authentication data provides a certificate including a validity status date and a credential, the credential being for permitting a first type of access by the first computer to an application provided by the second computer during a certain communication session between the first and second computer, and the basic authentication data has been certified by an accepted certifying authority, and wherein the basic authentication data sent to the second computer includes a public key of the first computer;

means for storing a copy of the first computer's public key;

means for generating an additional individual authentication data unit by the first computer, wherein the additional individual authentication data unit provides a self certificate including a validity status date and a credential, the self certificate credential being for permitting a second type of access by the first computer to an application provided by the second computer, and wherein the means for generating includes means for signing the individual authentication data unit by the first computer using a key associated with the public key; and

means for sending the additional individual authentication data from the first computer to the second computer, so that the second computer can verify authenticity of the additional individual authentication data unit using the first computer's public key that was received from the first computer by the second computer with the basic authentication data, wherein the verifying includes verifying the additional individual authentication data unit by the second computer using the second computer's stored copy of the first computer's public key during the certain communication session and without the second computer obtaining another copy of the public key.



7. (previously presented) The system as claimed in claim 6 wherein the second type of access 
includes an access for an application in which a digital credit card is used for a purchase. 

8. (previously presented) The system as claimed in claim 6, wherein the authenticity of said additional individual authentication data is established by means of signature of said accepted certifying authority.



9. (previously presented) The system as claimed in claim 6, wherein the second type of access 
includes an access for an application in which an email message is securely transmitted. 

10. (currently amended) The system as claimed in claim 6, wherein the authentication data includes an identity certificate, and the system includes:

means for generating a command from the first computer for the second computer to invalidate a previously presented identity certificate, wherein the previously presented identity certificate includes a validity status date and an identity credential;

means for generating by the first computer a new identity certificate having a validity status date and an identity credential; and

means for sending, from the first computer to the second computer, the new identity certificate to replace the invalidated identity certificate, wherein the command to invalidate and the new identity certificate are both received by the second computer during the certain communication session.
11. (currently amended) A computer program product comprising computer readable program code stored on computer readable storage medium embodied therein for providing secure authentication, the computer program product comprising:

computer readable program code configured for sending basic authentication data from a first computer to a second computer, wherein the basic authentication data provides a certificate including a validity status date and a credential, the credential being for permitting a first type of access by the first computer to an application provided by the second computer during a certain communication session between the first and second computer, and the basic authentication data has been certified by an accepted certifying authority, and wherein the basic authentication data sent to the second computer includes a public key of the first computer;

computer readable program code configured for storing a copy of the first computer's public key;

computer readable program code configured for generating an additional individual authentication data unit by the first computer, wherein the additional individual authentication data unit provides a self certificate including a validity status date and a credential, the self certificate credential being for permitting a second type of access by the first computer to an application provided by the second computer, and wherein the computer readable program code configured for generating includes computer readable program code configured for signing the individual authentication data unit by the first computer using a key associated with the public key; and

computer readable program code configured for sending the additional individual authentication data from the first computer to the second computer, so that the second computer can verify authenticity of the additional individual authentication data unit using the first computer's public key that was received from the first computer with the basic authentication data by the second computer, wherein the verifying includes verifying the additional individual authentication data unit by the second computer using the second computer's stored copy of the first computer's public key during the certain communication session and without the second computer obtaining another copy of the public key.

12. (previously presented) The computer program product as claimed in claim 11, wherein 
the second type of access includes an access for an application in which a digital credit card is 
used for a purchase. 

13. (previously presented) The computer program product as claimed in claim 11, wherein 
the authenticity of said additional individual authentication data is established by signature of 
said accepted certifying authority. 

14. (previously presented) The computer program product as claimed in claim 11, wherein 
the second type of access includes an access for an application in which a digital credit card is 
used for a purchase. 

15. (currently amended) The computer program product as claimed in claim 11, wherein the authentication data includes an identity certificate, and the computer program product includes:

computer readable program code configured for generating a command from the first computer for the second computer to invalidate a previously presented identity certificate, wherein the previously presented identity certificate includes a validity status date and an identity credential;

computer readable program code configured for generating a new identity certificate having a validity status date and an identity credential; and

computer readable program code configured for sending, from the first computer to the second computer, the new identity certificate to replace the invalidated identity certificate, wherein the command to invalidate and the new identity certificate are both received by the second computer during the certain communication session.
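The exchange recited in claims 1, 6 and 11 (certified basic authentication data carrying the first computer's public key; the second computer storing that key; the first computer self-signing an additional individual authentication data unit with the matching private key; the second computer verifying it with its stored copy alone) as an added, runnable Go example. This is illustrative code written for this page, not the applicant's implementation: the message structures, JSON as the encoding, Ed25519 as the signature scheme, the credential strings and the modelling of the certifying authority as a plain key pair are all assumptions.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"fmt"
	"time"
)

// Constructed message formats for the exchange in claims 1, 6 and 11 (not the
// patent's own); the certifying authority is modelled as an Ed25519 key pair.

// BasicAuthData is the certificate of step a), carrying the first computer's public key.
type BasicAuthData struct {
	PublicKey  []byte    `json:"public_key"`
	ValidUntil time.Time `json:"valid_until"` // validity status date
	Credential string    `json:"credential"`  // first type of access
}

// SelfCert is the additional individual authentication data unit of step c).
type SelfCert struct {
	ValidUntil time.Time `json:"valid_until"`
	Credential string    `json:"credential"` // second type of access
}

// Signed pairs an encoded message with its Ed25519 signature.
type Signed struct{ Body, Sig []byte }

// SignJSON encodes v and signs it (the CA in step a), the first computer in step c)).
func SignJSON(priv ed25519.PrivateKey, v interface{}) Signed {
	body, err := json.Marshal(v)
	if err != nil {
		panic(err) // the fixed structs above always marshal
	}
	return Signed{Body: body, Sig: ed25519.Sign(priv, body)}
}

// SecondComputer trusts the CA and, within a session, only the key copy stored in step b).
type SecondComputer struct{ caPub, storedKey ed25519.PublicKey }

// ReceiveBasic is steps a) and b): check the CA signature and the data, then store the key.
func (s *SecondComputer) ReceiveBasic(m Signed, now time.Time) error {
	if !ed25519.Verify(s.caPub, m.Body, m.Sig) {
		return fmt.Errorf("basic authentication data: CA signature invalid")
	}
	var b BasicAuthData
	if err := json.Unmarshal(m.Body, &b); err != nil {
		return err
	}
	if now.After(b.ValidUntil) || len(b.PublicKey) != ed25519.PublicKeySize {
		return fmt.Errorf("basic authentication data: validity status date passed or malformed key")
	}
	s.storedKey = ed25519.PublicKey(b.PublicKey)
	return nil
}

// VerifySelfCert is step d): verify against the stored copy only, then check date and credential.
func (s *SecondComputer) VerifySelfCert(m Signed, now time.Time, want string) error {
	if len(s.storedKey) != ed25519.PublicKeySize || !ed25519.Verify(s.storedKey, m.Body, m.Sig) {
		return fmt.Errorf("self certificate: no stored key for this session or signature mismatch")
	}
	var c SelfCert
	if err := json.Unmarshal(m.Body, &c); err != nil {
		return err
	}
	if now.After(c.ValidUntil) || c.Credential != want {
		return fmt.Errorf("self certificate: expired or credential %q does not grant %q", c.Credential, want)
	}
	return nil
}

func mustKey() ed25519.PrivateKey {
	_, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return priv
}

// RunExchange runs one session on constructed data: genuine self certificate accepted? foreign key rejected?
func RunExchange() (genuineOK, wrongKeyRejected bool, err error) {
	now := time.Date(2024, 1, 1, 12, 0, 0, 0, time.UTC) // constructed clock
	caPriv, firstPriv, otherPriv := mustKey(), mustKey(), mustKey()
	second := &SecondComputer{caPub: caPriv.Public().(ed25519.PublicKey)}
	basic := SignJSON(caPriv, BasicAuthData{PublicKey: firstPriv.Public().(ed25519.PublicKey), ValidUntil: now.Add(24 * time.Hour), Credential: "access:login"})
	if err = second.ReceiveBasic(basic, now); err != nil {
		return false, false, err
	}
	payment := SelfCert{ValidUntil: now.Add(time.Hour), Credential: "access:payment"}
	genuineOK = second.VerifySelfCert(SignJSON(firstPriv, payment), now, "access:payment") == nil
	wrongKeyRejected = second.VerifySelfCert(SignJSON(otherPriv, payment), now, "access:payment") != nil
	return genuineOK, wrongKeyRejected, nil
}

func main() {
	ok, rejected, err := RunExchange()
	fmt.Println("genuine accepted:", ok, "foreign key rejected:", rejected, "err:", err)
}
```

RunExchange reports two results: the first computer's self-signed unit is accepted because it verifies under the key the second computer stored in step b), and an identical unit signed by a third key pair (otherPriv, which never presented certified basic authentication data) is rejected without the second computer looking anywhere but its stored copy. The length checks before each ed25519.Verify call are deliberate: that function panics on a key of the wrong size, so a malformed public key must be refused at step b) rather than stored.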